def update_user(request, user_id): if not request: abort(400) user = session.query(User).filter(User.id == user_id).first() if not user: return HttpResponse(403).error(ErrorCode.USER_NFIND) infos = request.json verification = check_user_infos(infos) if verification is not None: return HttpResponse(403).error(verification) if 'mail' in infos: existing = session.query(User).filter( User.mail == infos['mail']).first() if existing: return HttpResponse(403).error(ErrorCode.MAIL_USED) if 'password' in infos: hashed = get_hashed_password(infos['password']) infos['password'] = hashed infos['date_update'] = datetime.datetime.now() try: session.begin() session.query(User).filter(User.id == user_id).update(infos) session.commit() except Exception as e: session.rollback() session.flush() return HttpResponse(500).error(ErrorCode.DB_ERROR, e) return HttpResponse(202).success(SuccessCode.USER_UPDATED)
def delete_user(request, user_id): """ Delete an user :param request: :param user_id: :return: Httreponse """ if not request: abort(400) if not check_user_permission(user_id): error = { 'error': 'Action interdite: Tentative d\'action sur un compte non identifié' } return HttpResponse(403).custom(error) user = session.query(User).filter(User.id == user_id).first() if not user: return HttpResponse(403).error(ErrorCode.USER_NFIND) try: session.begin() session.query(User).filter(User.id == user_id).delete() session.commit() except Exception as e: session.rollback() session.flush() return HttpResponse(500).error(ErrorCode.DB_ERROR, e) return HttpResponse(202).success(SuccessCode.USER_DELETED)
def get_user(request): if not request: abort(400) if 'mail' in request.args: user = session.query(User).filter( User.mail == request.args['mail']).first() if not user: return HttpResponse(403).error(ErrorCode.USER_NFIND) res = {'user': to_dict(user)} return HttpResponse().custom(res) users = session.query(User).filter() res = {'users': [to_dict(x) for x in users]} return HttpResponse().custom(res)
def post_products(self, request): #ip serveur benjamin res = requests.get('http://35.210.200.125:5000/').json() old_products_list = session.query(Product).filter( Product.id_user == self.user_connected).all() id_rfid_list = [product.id_rfid for product in old_products_list] converted_list = [str(i) for i in id_rfid_list] res_list = res["product_list"] new_elements = [ item for item in res_list if item not in converted_list ] if len(new_elements) == 0: return HttpResponse(200).custom({ 'state': "J'ai déjà enregistrer tout les produits dans votre armoire." }) name_new_element = [] for element in new_elements: link_product_to_user_with_id_rfid(element, self.user_connected) name_new_element.append(get_product_name_with_rfid(element)) name_to_return = ', '.join(name_new_element) return HttpResponse(200).custom( {'state': f'Vous avez ajouté: {name_to_return}'})
def validate_user_access(self, kwargs): user_connected = session.query(AccessToken).filter( AccessToken.token == self.token).first() user_connected = to_dict(user_connected) if int(user_connected['id_user']) != int(kwargs['user_id']): return False return True
def link_product_to_user_with_id_rfid(id_rfid, id_user): """ Link a product to with a user by id rfid :param id_rfid: :param id_user: :return: True if the modification is ok False if not """ product = session.query(Product).filter(Product.id_rfid == id_rfid).first() info = {"date_update": datetime.datetime.now(), "id_user": id_user} try: session.begin() session.query(Product).filter(Product.id_rfid == id_rfid).update(info) session.commit() except Exception as e: session.rollback() session.flush() raise e
def __init__(self, token): """ :param str token: """ self.token = token self._model = session.query(AccessToken).filter( AccessToken.token == token).first() if self._model is None: raise ValueError(f'Cannot find token {self.token}')
def grant_password(self): validator = HttpRequestValidator() validator.throw_on_error(True) validator.add_param('username', True) validator.add_param('password', True) if validator.verify(): username = self.__request.get_param('username') username = username.lower() user = session.query(User).filter(User.mail == username).first() if user and user.is_active != 0 and user.password: current_pw = user.password password = self.__request.get_param('password') if PasswordUtilities.check_password(password, current_pw): scope = "user" access_token = AccessToken( app_id=self.application_id, type='bearer', token=uuid.uuid4().hex[:35], date_insert=datetime.datetime.now(), id_user=user.id, expiration_date=arrow.now().shift(hours=+10).datetime, is_enable=1, scopes='user') try: session.begin() session.add(access_token) session.commit() except Exception as e: session.rollback() session.flush() return HttpResponse(500).error(ErrorCode.DB_ERROR, e) refresh_token = RefreshToken( app_id=self.application_id, date_insert=datetime.datetime.now(), token=uuid.uuid4().hex[:35], is_enable=True, access_token_id=access_token.id, ) try: session.begin() session.add(refresh_token) session.commit() except Exception as e: session.rollback() session.flush() return HttpResponse(500).error(ErrorCode.DB_ERROR, e) return access_token, refresh_token else: raise Exception('Invalid username or password') else: raise Exception('Invalid username or password')
def get_product_name_with_rfid(id_rfid): """ return the product name with rfid :param param: :param name_colomn_to_search: :return: """ product = session.query(Product).filter(Product.id_rfid == id_rfid).first() return product.product_name
def get_list_of_product(self, request): old_products_list = session.query(Product).filter( Product.id_user == self.user_connected).all() name_new_element = [] for element in old_products_list: name_new_element.append(element.product_name) state_res = 'Dans votre armoire il y a : ' product = ", ".join(name_new_element) state_res += product return HttpResponse(200).custom({'state': state_res})
def delete_products(request, product_id): """ Delete a product :param request: :param product_id: :return: """ if not request: abort(400) product = session.query(Product).filter(Product.id == product_id).first() if not product: return HttpResponse(403).error(ErrorCode.PRODUCT_NFIND) try: session.begin() session.query(Product).filter(Product.id == product_id).delete() session.commit() except Exception as e: session.rollback() session.flush() return HttpResponse(500).error(ErrorCode.DB_ERROR, e) return HttpResponse(202).success(SuccessCode.PRODUCT_DELETED)
def get_app_with_client_id(self, client_id): """ Try to fetch an application with this client_id :param str client_id: The app client_id :rtype: APIOAuthApplicationModel """ app = session.query(AuthApplication).filter(AuthApplication.client_id == client_id).first() if not app: raise Exception('Invalid application : app_id.') return app
def get_products(request, product_id): if not request: abort(400) products = session.query(Product).filter(Product.id == product_id).first() if not products: return HttpResponse(403).error(ErrorCode.PRODUCT_NFIND) product = requests.get(urlopenfoodfact.format(products.id_ean)) return HttpResponse(200).custom({ 'success': 'On a retrouvé le produit.', 'position': products.position, 'expiration_date': products.expiration_date, 'id_ean': products.id_ean, 'informations': product.json() })
def __init__(self, header_token=None): if not header_token: raise Exception("Token undefined") reg = re.compile('Bearer ([A-Za-z0-9-=]+)') result = reg.findall(header_token) if not result: raise Exception("Token undefined") token = result[0] user_connected = session.query(AccessToken).filter( AccessToken.token == token).first() users = to_dict(user_connected) self.user_connected = users["id_user"]
def check_user_permission(user_id): requester = HttpRequest() token = requester.get_param('accessToken') timestamp = requester.get_param('oauth_timestamp') header_token = requester.get_header("Authorization") if header_token is None: header_token = requester.get_header("X-Authorization") if header_token: reg = re.compile('Bearer ([A-Za-z0-9-_=]+)') result = reg.findall(header_token) if result: token = result[0] user_connected = session.query(AccessToken).filter( AccessToken.token == token).first() user_connected = to_dict(user_connected) if int(user_connected['id_user']) != int(user_id): return False return True
def user_login(self, username, password): """ Login an user and return it. :param str username: User username :param str password: User password :rtype: UserModel or None """ user = session.query(User) \ .join(AccessToken, User.id == AccessToken.id_user) \ .filter(User.mail == username) \ .add_columns(User.id, User.password, AccessToken.token) \ .first() #user = session.query(User).filter(User.mail == username).first() if user is not None: if check_password(password, user.password.encode()): return user else: return None else: return None
def create_user(request): if not request: abort(400) verification = check_user_infos(request.json) if verification is not None: return HttpResponse(403).error(verification) existing = session.query(User).filter( User.mail == request.json['mail']).first() if existing: return HttpResponse(403).error(ErrorCode.MAIL_USED) hashed = get_hashed_password(request.json['password']) new_user = User(date_insert=datetime.datetime.now(), date_update=datetime.datetime.now(), is_active=1, status=0, gender=request.json['gender'], lastname=request.json['lastname'], firstname=request.json['firstname'], mail=request.json['mail'], password=hashed, country=request.json['country'], town=request.json['town'], street=request.json['street'], street_number=request.json['street_number'], region=request.json['region'], postal_code=request.json['postal_code']) try: session.begin() session.add(new_user) session.commit() except Exception as e: session.rollback() session.flush() return HttpResponse(500).error(ErrorCode.DB_ERROR, e) app_id = session.query(AuthApplication).filter( AuthApplication.project_id == "arlex-ccevqe").first().id access_token = AccessToken(app_id=app_id, type='bearer', token=uuid.uuid4().hex[:35], date_insert=datetime.datetime.now(), id_user=new_user.id, expiration_date=datetime.datetime.now() + datetime.timedelta(weeks=2), is_enable=1, scopes="user") try: session.begin() session.add(access_token) session.commit() except Exception as e: session.rollback() session.flush() return HttpResponse(500).error(ErrorCode.DB_ERROR, e) refresh_token = RefreshToken( app_id=app_id, date_insert=datetime.datetime.now(), token=uuid.uuid4().hex[:35], is_enable=True, access_token_id=access_token.id, ) try: session.begin() session.add(refresh_token) session.commit() except Exception as e: session.rollback() session.flush() return HttpResponse(500).error(ErrorCode.DB_ERROR, e) return HttpResponse(201).success( SuccessCode.USER_CREATED, { 'id': new_user.id, 'access_token': access_token.token, 'refresh_token': refresh_token.token })
def grant_authorization_code(self): validator = HttpRequestValidator() validator.throw_on_error(False) validator.add_param('code', True) validator.add_param('redirect_uri', True) if not validator.verify(): raise Exception('Invalid code') code = session.query(AccessToken).filter( AccessToken.token == self.__request.get_param('code')).first() if code is None or code.is_enable == 0: raise Exception('Missing valid code') info = {"is_enable": 0} try: session.begin() session.query(AccessToken).filter( AccessToken.id == code.id).update(info) session.commit() except Exception as e: session.rollback() session.flush() return HttpResponse(500).error(ErrorCode.DB_ERROR, e) if str(code.app_id) != str(self.application_id): raise Exception('Code does not match your app_id.') user = self.get_user(code.id_user) if not user or user.is_active == 0: raise Exception('Cannot authorize. Account is disabled.') access_token = AccessToken( app_id=self.application_id, type='Bearer', token=uuid.uuid4().hex[:35], date_insert=datetime.datetime.now(), id_user=user.id, expiration_date=arrow.now().shift(hours=+10).datetime, is_enable=1, scopes="user") try: session.begin() session.add(access_token) session.commit() except Exception as e: session.rollback() session.flush() return HttpResponse(500).error(ErrorCode.DB_ERROR, e) refresh_token = RefreshToken( app_id=self.application_id, date_insert=datetime.datetime.now(), token=uuid.uuid4().hex[:35], is_enable=True, access_token_id=access_token.id, ) try: session.begin() session.add(refresh_token) session.commit() except Exception as e: session.rollback() session.flush() return HttpResponse(500).error(ErrorCode.DB_ERROR, e) return access_token, refresh_token
def get_user(self, user_id): """ :rtype: UserModel, ProModel or None """ user = session.query(User).filter(User.id == user_id).first() return user